Internet Vulnerabilities & Criminal Activity

Phishing, Nigerian 419's, & High-Yield Investment Programs (HYIP)
8.1
3/22/10
Phishing

"The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication." (Wikipedia.org)
Why 'ph'? Phishing History

- Original hackers: phone + freaks = phreakers
- Term first used 1996
- Coined by hackers who conned AOL users into divulging their passwords
- 'Phish' = hacked account
- Phish traded as currency among hackers by 1997
How Phishing Works

- Victim receives an official-looking e-mail from an ISP, online bank, or government agency
- Victim advised he/she must validate or update his/her information to prevent dire consequences
- Victim clicks on provided link and is taken to a spoofed website
- Victim asked to enter personal information to validate/update his/her account
  - User name, account number, credit card number, password, etc.
Phishing Techniques

- Social engineering
  - "Subject: To restore access to your bank account.."
- Link manipulation
  - Casual observation leads victim to believe the link in the e-mail is to a legitimate web page
- Filter evasion
  - Use of images rather than text
Phishing Techniques cont.

- Website forgery
  - Address bar forgery
  - Cross-site scripting
  - Man-in-the-middle attacks
- Phone phishing
  - Phone message apparently from bank has victim call phishers using VOIP
  - Vishing
- Other techniques
  - Pop-up windows over legitimate bank sites
Spear Phishing

- An e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data
- E-mail appears to come from a trusted source, usually within one's own company
- Likely to be conducted by "sophisticated groups out for financial gain, trade secrets or military information." (NY Times)
- Overcomes normal suspicions
Rock Phish

- No one really sure what it is
  - Wikipedia: a phishing tool
  - Others: one of the most prominent phishing groups in operation
- Techno-savvy
- Specializes in European and U.S. financial institutions
- Responsible for 1/3 to 1/2 of all phishing emails sent in any given day
- Credit card fraud, money laundering
Rock Phish Demo

http://www.youtube.com/watch?v=6NviimO64qA
Phishing Costs

- $2.8 billion in 2006
- $3.2 billion in 2007
- $350 - $1244 per victim
- Most cost borne by financial institutions

Phishing in 2009

APWG
Phishing Laws

- CAN-SPAM Act
  - Controls conditions under which unsolicited commercial e-mail may be sent
- Anti-Phishing Act of 2004
  - Did not become law
Problems for Law Enforcement

- Phishing web sites quickly move from one ISP to another
  - 7 different servers in 12 days
- Average phishing web site active for only 54 hours
  - Web sites gone long before victim realizes he/she is a victim
- Web sites have global location
Phishing Example

URL: http://mail.opmcm.gov.np/locale/ar/LC_MESSAGES/online.lloydstsb.co.uk/customer.ibcWT.ac=hpIBlogon/

202.45.147.69 is from Nepal (NP) in region Southern and Eastern Asia
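The two link tricks the deck describes (link manipulation, where the displayed text and the real destination differ, and the example above, where the bank's name sits in the path of an unrelated Nepalese host) can be caught mechanically. The following checker is an added example written for this transcript, not part of the original slides; the suffix set and brand list are assumed, illustrative stand-ins for the Public Suffix List and a real watch list.

```python
"""Defender-side check for two link tricks: a brand name buried outside the
registrable domain, and anchor text whose host differs from the href's."""
from urllib.parse import urlparse

# Constructed stand-in for the Public Suffix List (two-label suffixes) and an
# assumed, illustrative list of brands worth watching for.
TWO_LABEL_SUFFIXES = {"co.uk", "gov.np", "com.au", "co.jp"}
BRANDS = {"lloydstsb.co.uk", "paypal.com"}

# The phishing URL quoted on the slide.
SLIDE_URL = ("http://mail.opmcm.gov.np/locale/ar/LC_MESSAGES/"
             "online.lloydstsb.co.uk/customer.ibcWT.ac=hpIBlogon/")


def registered_domain(host: str) -> str:
    """Registrable part of a hostname, e.g. 'opmcm.gov.np'; IPs returned as-is."""
    host = host.lower().rstrip(".")
    if host.replace(".", "").isdigit():
        return host
    labels = host.split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def brand_in_wrong_place(url: str, brands=BRANDS):
    """Return the brand a URL imitates if it appears anywhere other than as the
    registrable domain (subdomain, path or query), else None."""
    parts = urlparse(url)
    host = parts.hostname or ""
    owner = registered_domain(host)
    haystack = f"{host}{parts.path}?{parts.query}".lower()
    for brand in sorted(brands):
        if brand in haystack and owner != brand:
            return brand
    return None


def link_mismatch(anchor_text: str, href: str) -> bool:
    """True when the anchor text looks like a URL whose registrable domain
    differs from the href's: the reader sees the text, the browser follows href."""
    shown = anchor_text.strip()
    if "." not in shown:
        return False  # plain words such as 'Click here' claim no host
    if "://" not in shown:
        shown = "http://" + shown
    shown_host = urlparse(shown).hostname
    real_host = urlparse(href).hostname
    if not shown_host or not real_host:
        return False
    return registered_domain(shown_host) != registered_domain(real_host)
```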
Pharming

"Redirecting one web site's traffic to another web site."
Nigerian 419's

"An advance-fee fraud in which the target is persuaded to advance sums of money in the hope of realizing a significantly larger gain." (Wikipedia.org)

Nigerian 419 e-mail scams

- Advance Fee Fraud (AFF)
- 419 - Nigerian criminal code
- Originated in early 1980's as Nigerian oil profits declined
- "One of Nigeria's most important export industries"
- Many variations
419 Elements

- Scammers use Internet cafes / spoofed web sites
- "Official" sounding introduction and correspondence
- Uses name of real individual
- May use religious theme
419 Elements cont.

- Knows about a large sum of money that scammer cannot directly access
- Victim offered 10% - 40% of money for assisting scammer
- Victim asked to send money to assist scammer in accessing large fund
  - Amount asked for may be large, but not in comparison to promised portion
- Funds transferred by untraceable wire transfer
419 Elements cont.

- If victim is hooked, scammer will continue to ask for funds for various purposes
  - Once victim has invested in scam, he/she will feel the need to see the deal through
- Victim may be scammed a second time by scammer pretending to be law enforcement or government official
Problems for Law Enforcement

- Anonymity
- Jurisdiction
- Untraceable wire transfer
- Prosecutions by Nigerian government have become opportunities for bribery

Example Recent 419 Scam
High-Yield Investment Programs

"A type of Ponzi scheme, which is an investment scam that promises an unsustainably high return on investment by paying previous investors with the money invested by newcomers." (Wikipedia.org)
Ponzi Scheme

Ponzi schemes are a type of illegal pyramid scheme named for Charles Ponzi, who duped thousands of New England residents into investing in a postage stamp speculation scheme back in the 1920s. Ponzi thought he could take advantage of differences between U.S. and foreign currencies used to buy and sell international mail coupons. Ponzi told investors that he could provide a 40% return in just 90 days compared with 5% for bank savings accounts. Ponzi was deluged with funds from investors, taking in $1 million during one three-hour period, and this was 1921! Though a few early investors were paid off to make the scheme look legitimate, an investigation found that Ponzi had only purchased about $30 worth of the international mail coupons.
HYIP Operators

- Set up web site offering investments
- Promised returns of 45% per month, 6% per day
- No details offered on underlying investments
- Incorporate in countries with lax investment laws
- Web sites frequently infect visitors with malware
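The definition above (previous investors paid only from newcomers' deposits) and the 45%-per-month figure can be put into a small cash-flow model that shows when such a program must run out of money. This is an added illustration for the transcript, not material from the slides; the inflow growth rate and the monthly withdrawal rate are assumed, illustrative parameters.

```python
"""Cash-flow model of the HYIP/Ponzi mechanism: promised returns are credited
on paper, but only money from newcomers is ever really on hand."""
from dataclasses import dataclass


@dataclass
class PonziState:
    month: int
    cash: float      # money actually on hand
    owed: float      # balances investors believe they hold
    solvent: bool


def simulate(monthly_return: float, first_deposit: float,
             inflow_growth: float, months: int, withdraw_rate: float = 0.2):
    """Run the scheme month by month and return its history up to and
    including the month it can no longer honour withdrawals.
    monthly_return: promised return (0.45 = the slide's 45% per month)
    first_deposit:  new money arriving in month 1 (constructed figure)
    inflow_growth:  assumed factor by which new deposits grow each month
    withdraw_rate:  assumed fraction of believed balances cashed out monthly"""
    cash, owed, inflow = 0.0, 0.0, first_deposit
    history = []
    for month in range(1, months + 1):
        cash += inflow                   # newcomers' money is the only income
        owed += inflow
        owed *= 1 + monthly_return       # statements show the promised growth
        withdrawals = owed * withdraw_rate
        if withdrawals > cash:           # cannot pay out: the scheme collapses
            history.append(PonziState(month, cash, owed, False))
            return history
        cash -= withdrawals
        owed -= withdrawals
        history.append(PonziState(month, cash, owed, True))
        inflow *= inflow_growth
    return history


def months_until_collapse(monthly_return: float, first_deposit: float,
                          inflow_growth: float, months: int = 120):
    """Month in which the scheme fails, or None if it survives the horizon."""
    last = simulate(monthly_return, first_deposit, inflow_growth, months)[-1]
    return None if last.solvent else last.month
```

With deposits growing 20% a month, a 45%-per-month promise fails in month 6; the same inflows at a bank-like 0.5% per month survive the full ten-year horizon.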
HYIP Monitor Sites

http://lifehyips.net/

HYIP Web Site

Start Your Own HYIP

HYIP and US Law

- HYIP is a fraud
- Prosecution by the SEC - Securities & Exchange Commission
- Problems
  - Anonymity
  - Jurisdiction